Why doest this script return diff error on Windows10 and Mac for the same Powershell Version?
Script executed:
Now, Azure PowerShell on Mac is in preview. It does not have full functions of Windows PowerShell. Parameter ServicePrincipalName is not supported on Mac now, so you get the error.
According to the error on Windows PowerShell. It seems that your application ID or password wrong. Do you check your them? You could use the following cmdlets to create service principal and logon Azure.
#login Azure
Login-AzureRmAccount
#create RM AD application
$app = New-AzureRmADApplication –DisplayName "<Your Application Display Name>" –HomePage "<http://YourApplicationHomePage>" –IdentifierUris "<http://YourApplicationUri>" –Password "<Your Password>"
#create a service principal for that application
New-AzureRmADServicePrincipal –ApplicationId $app.ApplicationId
#Assign that service principal a role.
New-AzureRmRoleAssignment –RoleDefinitionName Reader –ServicePrincipalName $app.ApplicationId
#Authenticating using a service principal
$pass = ConvertTo-SecureString "<Your Password>" -AsPlainText –Force
$cred = New-Object -TypeName pscredential –ArgumentList "<Your UserName>", $pass
Login-AzureRmAccount -Credential $cred -ServicePrincipal –TenantId <Your TenantId>
More information please refer to this link.
I found it. finally thanks to the collaboration of Microsoft support:
this line of code.
Set-AzureSubscription -SubscriptionName $AzureSubscriptionName| Out-Null
Is not correct. It should be:
Select-AzureRmSubscription -SubscriptionName $AzureSubscriptionName| Out-Null
Related
My problem
I try to run Get-AzureADGroup connected with an App Registration, but get this error message:
Get-AzureADGroup : You must call the Connect-AzureAD cmdlet before
calling any other cmdlets.
But what I am running is:
$secPasswd = ConvertTo-SecureString $secret -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential($appId , $secpasswd)
Connect-AzAccount -Credential $cred -ServicePrincipal -Tenant $tenantId
$gpe = Get-AzureADGroup -SearchString "group1"
Connect-AzAccount is run, so I don't understand this error message.
My execution context
I just created an App Registration and a secret to connect with.
What I need
Why do I get this message since I run Connect-AzureD?
What should I do?
Thanks
Comments are helpful.
Get-AzureADGroup is under Azure AD module while Connect-AzAccount is under Az.Accounts module. They are different.
To run Get-AzureADGroup, you need to sign in with Connect-AzureAD which is the login command in Azure AD module.
If you don't want to install Azure AD module, you can choose to use Get-AzADGroup instead of Get-AzureADGroup.
I have created an Azure Classic type service connection. Is there anything I am missing?
I am then using this Azure Classic Service connection to deploy the cloud service to Azure.
Azure Deployment: D:\a\1\a\*.cspkg
View raw log
Starting: Azure Deployment: D:\a\1\a\*.cspkg
----------------------------------------------------------------
Task : Azure Cloud Service deployment
Description : Deploy an Azure Cloud Service
Version : 1.175.2
Author : Microsoft Corporation
Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-cloud-powershell-deployment
----------------------------------------------------------------
Import-Module -Name C:\Modules\azure_2.1.0\Azure\2.1.0\Azure.psd1 -Global
Import-Module -Name C:\Modules\azurerm_2.1.0\AzureRM\2.1.0\AzureRM.psd1 -Global
##[warning]The names of some imported commands from the module 'AzureRM.Websites' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the
Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
Import-Module -Name C:\Modules\azurerm_2.1.0\AzureRM.Profile\2.1.0\AzureRM.Profile.psm1 -Global
Add-AzureAccount -Credential System.Management.Automation.PSCredential
##[error]Sequence contains no elements
-
##[error]There was an error with the Azure credentials used for the deployment.
-
Finishing: Azure Deployment: D:\a\1\a\*.cspkg
PS: I am using the classic editor to create the pipelines and not YAML builds.
##[error]There was an error with the Azure credentials used for the deployment.
You could change to use the Certificate Based as the verification method.
To use the Certificate Based method, you could use the following script to create the .cer file.
$cert = New-SelfSignedCertificate -DnsName yourdomain.cloudapp.net -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange"
$password = ConvertTo-SecureString -String "your-password" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath ".\my-cert-file.pfx" -Password $password
Export-Certificate -Type CERT -Cert $cert -FilePath .\my-cert-file.cer
Then you could get the upload certificate with the management portal.
At the same time , you could get the Public key with .cer file.
This key is used in the service connection.
You can refer to this ticket to get the possible cause of the problem
Through the following error message, the problem is obvious. Like this pic.
##[error]Sequence contains no elements
##[error]There was an error with the Azure credentials used for the deployment.
You need get $cred by below script.(There are some restriction, for more details, pls read related posts.)
$username = "**.com"
$password = "***"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
Add-AzureRmAccount -Credential $cred
Related Posts
1. Visual Studio Team Services: Sequence contains no elements
2. Add-AzureRmAccount : Sequence contains no elements
I have scheduled a PowerShell script to execute a pipeline in Azure.
Have generated the login script(ProfileContext.ctx) using Login-AzureRMAccount
Below is the code to schedule:
$path = "D:\ProfileContext.ctx"
Import-AzureRmContext -Path $path
$dfn = "salesprod"
$rgn = "sale-dw"
$df=Get-AzureRmDataFactory -ResourceGroupName $rgn -Name $dfn
$ISTstartdate = get-date
#Set Pipeline active period
$UTCstartdate = $ISTstartdate.touniversaltime().addminutes(5)
$UTCenddt = $UTCstartdate.AddHours(5)
$pipelinename = "SalesPipeline"
Set-AzureRmDataFactoryPipelineActivePeriod -ResourceGroupName $rgn -PipelineName $pipelinename -DataFactoryName $dfn -StartDateTime $UTCstartdate -EndDateTime $UTCenddt -Force
Above code works fine for 2 or 3 days but then I start getting below issue:
Your Azure credentials have not been set up or have expired, please run Login-AzureRMAccount to set up your Azure credentials.
At D:\RunPipeline.ps1
Below are the version nos:
PSVersion - 5.0.10586.117
Azure - 4.2.1
I resolved it by using below work around: This would auto login for me and then I can schedule without a context file:
$accountName = "pqr#xyz.com"
$password = ConvertTo-SecureString "mypwd" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($accountName, $password)
Login-AzureRmAccount -Credential $credential
Get-AzureRmResource
Add Joseph's answer. Your answer only works on Azure AD account, Microsoft account does not support non-interactive login. According to your scenario, I suggest you could use Service Principal, it is more safer and not leak your account information. What is Service Principal?
When you have an app or script that needs to access resources, you can
set up an identity for the app and authenticate the app with its own
credentials. This identity is known as a service principal.
You could refer to refer to this link to create a new service principal and give Contributor role. You could use the following command to login your subscription.
$subscriptionId=""
$tenantid=""
$clientid=""
$password=""
$userPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientid, $userPassword
Add-AzureRmAccount -TenantId $tenantid -ServicePrincipal -SubscriptionId $subscriptionId -Credential $userCredential
I came across with same issue today but after update Azure PowerShell Modules to the latest version, all good. You can do this while easily using Update-Module or just go ahead and use Install-Module AzureRm -Force.
I'm having authentication headaches with Azure. I have a continuous build server running powershell scripts, and I'm getting messages like:
Your Azure credentials have not been set up or have expired, please run Login-AzureRMAccount to set up your Azure credentials.
I don't like having to login with my account on the build server. I suppose I could create another account just for building, but that will expire as well. Is there a better way of handling this?
You should not use Login-AzureRmAccount in your build/deploy scripts because this is an interactive login, but rather Add-AzureRmAccount instead.
Add-AzureRmAccount requires you create a service principal (application) in Azure AD and use its client id and secret/key to authenticate.
Here is a code snippet that you can use:
$clientID = "<the client id of your AD Application>"
$key = "<the key of your AD Application>"
$SecurePassword = $key | ConvertTo-SecureString -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential `
-argumentlist $clientID, $SecurePassword
Add-AzureRmAccount -Credential $cred -Tenant "xxxx-xxxx-xxxx-xxxx" -ServicePrincipal
To find out you tenant id (single subscription)
$tenant = (Get-AzureRmSubscription).TenantId
Find tenant id (multiple subscriptions)
$tenant = (Get-AzureRmSubscription -SubscriptionName "My Subscription").TenantId
I am working with Azure (HDInsight in particular) using a personal account (no work/school acocunt).
I would create a script that automatically login on azure and perform some actions.
I found a solutions saving an azure publishsetting json file after logging with our credentials but this settings file contains token that expires.
How can I deal with this issue? What is the best way to accomplish this automatico logon?
Thanks
Roberto
You need to create a service principal. Once you've created the service principal you can assign it permissions on specific resources using Role-Based Access Control. From there your script can login as the service principal without requiring you to login interactively.
The main concern with this approach is securing access to your script since it contains credentials that allow access to your Azure resources.
This article has a good walkthrough:
#First, login as yourself so you can setup the service principal
Login-AzureRmAccount
#Password doesn't have to be *your* password, but the password the script will use
$app = New-AzureRmADApplication –DisplayName "<Your script name>" –HomePage "http://localhost" –IdentifierUris "http://localhost/YourAppName" –Password "<Password>"
#Create the service principal
New-AzureRmADServicePrincipal –ApplicationId $app.ApplicationId
#Assign the Reader role to your new service principal. Other roles listed at
#https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/
New-AzureRmRoleAssignment –RoleDefinitionName Reader –ServicePrincipalName $app.ApplicationId
$pass = ConvertTo-SecureString "<Password>" -AsPlainText –Force
#Servce principal username looks like 92c22f1f-d1d4-46a1-b025-edb47fc03809#something.onmicrosoft.com
#the GUID part is $app.ApplicationId and the domain part is found in the Azure portal
$cred = New-Object -TypeName pscredential –ArgumentList "<Service Principal UserName>", $pass
Login-AzureRmAccount -Credential $cred -ServicePrincipal –TenantId <TenantId>
If it is not a production/shared setup and more a developer setup you can also do, careful, the password is plain text here:
$SubscriptionName = 'MySubscription'
$pswd = 'MyPassword' | ConvertTo-SecureString -AsPlainText -Force
$creds = New-Credential -UserName 'MyEmail#something.com' -Password $pswd
Add-AzureRmAccount -Credential $creds
Set-AzureRmContext -SubscriptionName $SubscriptionName
Login-AzureRmAccount -Credential $creds -SubscriptionName $SubscriptionName
Below information might help you
Create an Automation Account in Azure
Add your credentials in Automation Account as a variable ( e.g
variablename = loginazure) Below Script will automatically login into azure (use Powershell workflow runbook).
$AzureLogin = Get-AutomationPSCredential -Name 'loginazure'
$AzurePortalLogin = New-Object -TypeName System.Management.Automation.PSCredential$AzureLogin
Add-AzureRmAccount -Credential $AzurePortalLogin
Get-AzureRmSubscription -SubscriptionName "your subscription name" | Set-AzureRmContext
use the above script within Inline Script {}
Regards
Thamarai Selvan S
Here are a couple of commands that you can fire up to get started.
$credentials = Get-Credential
Login-AzureRmAcoount -Credential $credentials
$SubscriptionName
Select-AzureRmSubscription -SubscriptionName "The name of your subscription"
Select-AzureRmSubscription -SubscriptionName $SubscriptionName